adprep32, how long to allow replication to finish?

I will soon be running adprep32.exe on a Windows 2000 Server, which is the FSMO DC in the network. I am adding two Windows 2008 R2 servers to become the DCs. The first run is 'adprep32 /forestprep'. Then I read this: '...allow the changes to replicate throughout the forest before you prepare any domains', which refers to the next step 'adprep32 /domainprep /gpprep'.

What's the best way to know when the changes are finished replicating throughout the forest? It's a small, in-house, local network. So, I'm assuming it will be within minutes and not some overnight wait.

I am aware of the schema version. It is currently 30, but will go to 47 after I run adprep32 from the 2008 R2 DVD. I reckon I can assume that once both current DC's show the Schema Version at 47, then any replication initiated by adprep32 will have been completed?
But, when does the Schema Version change? Is it after /forestprep or after /domainprep?

The current domain controllers are two very old Dell Poweredge tower style Windows 2000 and a Windows 2003 machines. These are the only two in the system. I'm replacing them with two Windows 2008 R2 machines that are HP DL120 G7s. There are currently less than 200 'items' in Active Directory.

The replication here is just for the changes that adprep32 will make after running /forestprep and before running /domainprep. So, I'm thinking this will be in that 10 - 15 minute range... or less, at which time I can then run the /domainprep /gpprep.

The longer process, as mentioned, will be when joining the new DCs to the system with dcpromo.

Run both commands on the FSMO master and you don't have to wait. At least I've never waited and I've never had a problem I can recall relating to that.

HOWEVER, DO make sure you run DCDIAG /C /E /V on both existing DCs (possible the 2000 DCs won't have those switches and you'll have to install DCDIAG maybe on both). This should check the health of AD and make sure you're ready. If not, correct unexplained issues before proceeding.

Speaking of making a backup first, I see a lot of call for that. But, then I never see any examples of what could happen, what errors might pop up, etc., that would require using a backup and then how to actually do the backup.

One of my concerns is exactly that. The current system I am working with doesn't leave me with a lot of confidence that all will go smoothly.

Since I am adding new DC's to replace the old DC's and not doing an upgrade of the current DC's, how likely is it that I will need to recover using a backup? How likely is it that running adprep32 will hose up the Windows 2000 Server DC and that prevents the new Windows 2008 DC's from being promotable and if that happens will the schema version have changed to 47 and then the backup recovery changes it back to 30?

Quite honestly, if you're NEW to this and never have done it before, then YOU shouldn't be doing it. Certainly not on your network. A TEST network, fine. But NOT your production network. If you don't have experience and knowledge, you should be hiring a consultant who does. Would you perform your own Appendectomy (or perform one on a friend) if you didn't have the skills and knowledge to do so? If not, why would you do one to your network?

Warning issued, you asked:
> how likely is it that I will need to recover using a backup?
Not likely at all in my experience. Then again, I've got experience. I've never had to do one related to this procedure. YEARS ago, I did them... but since I'm comfortable with how AD works, It's not something I find the need to do... almost ever. (That said, and to follow my own advice, I probably should do one or two in a test network before the need arises in a real network -- weird things happen).

> How likely is it that running adprep32 will hose up the Windows 2000 Server DC
> and that prevents the new Windows 2008 DC's from being promotable
Never seen it happen. Would say odds are extremely low. That said, you could always be the first.

> and if that happens will the schema version have changed to 47 and then the
> backup recovery changes it back to 30?
That's why you backup BOTH DCs. And if necessary, you would do an Authoritative Restore on the FSMO master. That SHOULD take care of things. OR you would restore one DC after forcibly demoting the other so that there could be no conflict. Again, test environment.

Thanks for your input. And I do have a similar test network at home. Things are going pretty smooth with that, but the old DC's in the work system have all sorts of other software and roles and features enabled. All that happened along the way before I got here. That's why I am introducing new servers to be the Domain Controllers.

And, I am the IT guy/department here. I know the basics of what I need to do, but it's those little gotcha's that might pop up along the way... and recovering from them.

That's a good idea about the consultant. I'll have to see if the company will let me contract one.

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…

This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource.
Use Google, Bing, or other preferred search engine to locate trusted NTP …

Are you ready to implement Active Directory best practices without reading 300+ pages?
You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…